Cloud security

Mastering Cloud Security: Your Resource for Infrastructure Protection, Compliance, Zero Trust, and More.

Magnifying glass red bug bounty, green binary code, identify and submit vulnerability reports

ServiceNow says security researchers, not hackers, accessed data

Steve ZurierJune 10, 2026

ServiceNow investigates access issue, says no attacker activity found.

Today's Top Cloud Security Headlines

Cloud Security News

Cloud Security

Cloud Visibility, Fortibleed, hacking things the easy way – Sandy Bird – PSW #932

June 25, 2026

First up is Sandy Bird from Sonrai discussing how to protect our cloud infrastructure! This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them! Next up in the security news: Help, I am Fortibleeding, Cisco SD-WAN needs help, The secret life of probe requests, Help, I am Squidbleeding, XSS to RC...

Vulnerability Management

Most organizations that miss 24-hour patch window report breaches

Steve ZurierJune 2, 2026

Study points out that AI has shattered the model of patching on a two- to four-week schedule.

Microsoft Teams website on a tablet. Teams is a unified team communication and collaboration platform with workplace chat, video meetings, and file storage.

Ransomware

UNC6692 impersonates help desk employees to drop SNOW malware via Teams

Steve ZurierApril 24, 2026

Attackers abuse Teams chat to deliver malware after help desk phishing scam.

A glowing red cloud icon with an exclamation mark sits on a dark circuit board, symbolizing critical cloud computing error or data risk.

AI/ML

AI-driven cloud attacks reach ‘functional’ maturity, says Unit 42

Steve ZurierApril 23, 2026

PoC proves that attackers can leverage AI to exploit cloud weaknesses at machine speed.

Application security

Microsoft 365 mailbox rules abused for exfiltration, persistence

Steve ZurierApril 13, 2026

Attackers abuse Microsoft 365 mailbox rules to hide activity, steal data, and persist after password resets.

Cloud Security

Actor tied to Raccoon targets ‘several dozen’ companies by exploiting BPOs and helpdesks

Steve ZurierApril 9, 2026

Google says UNC6783 leverages social engineering and phishing campaigns to gain entry to the BPOs.

RSAC

BSides SF: SaaS, cloud assets vulnerable to identity-based ransomware attacks

Paul WagenseilMarch 28, 2026

It's easy to mount ransomware attacks upon SaaS and cloud assets, a researcher said at the BSides SF 2026 hacker conference.

Cloud Security

Exposed: Bank Leak, Copilot Zero-Click, AI Agent Hijacks, Stryker Wipe & Josh Marpet – SWN #563

March 13, 2026

This episode is all about trust getting abused at scale. We start with Chinese-nexus operators pivoting fast onto Qatar using conflict lures and familiar tradecraft. Then we hit banking, because they deserve it: Lloyds, Halifax, and Bank of Scotland customers seeing other people’s transactions in-app, a straight confidentiality failure, not “someon...

Salesforce office building in Singapore City. Salesforce Inc is an American Fortune 500 listed, cloud-based software company.

Cloud Security

Salesforce confirms ShinyHunters exploited Experience Cloud sites

Steve ZurierMarch 10, 2026

The ShinyHunters cybercrime group has systematically targeted Salesforce instances since mid-2025.

China map outline, flag colors red, yellow glowing. Futuristic circuit board digital technology backdrop. High-tech data streams, innovation, modern design, connectivity global network.

Application security

Google disrupts decade-long China-linked UNC2814 espionage campaign

Steve ZurierFebruary 25, 2026

GTIG points out that this campaign had no overlaps with other PRC activities, such as Salt Typhoon.

Fast Five

Selected by the SC Media Editorial team every Tuesday.

Sign up now for the top five issues cybersecurity pros need to know this week.

Cloud security

ServiceNow says security researchers, not hackers, accessed data

Today's Top Cloud Security Headlines

Amazon Q Developer extension vulnerability could have exposed cloud credentials

Google Cloud Vertex AI SDK flaw allowed model hijacking and code execution

Security researcher reportedly accesses FIFA World Cup broadcast controls via API flaw

Magecart campaign exploits Stripe API for credit card theft

Cloud Security: Explained and Explored

SASE manages your network access, but who manages your SASE?

The hidden risk in hybrid IT: Fragmented vulnerability management

Back to the beginning: A new model for secure SaaS access

5 ways to mitigate the risks of “cracked” software

Breaking the trade-off: Full email security without deployment friction

Why Agentic AI will obliterate legacy SaaS, cybersecurity, and networking giants

From cloud chaos to control: A DevSecOps roadmap for multi-cloud

The AI threat isn’t one exploit: It’s attackers hijacking trusted workflows

Modernizing SaaS security for the agentic AI era

Five ways SASE helps with TLS inspection

Cloud Security News

Cloud Visibility, Fortibleed, hacking things the easy way – Sandy Bird – PSW #932

Most organizations that miss 24-hour patch window report breaches

UNC6692 impersonates help desk employees to drop SNOW malware via Teams

AI-driven cloud attacks reach ‘functional’ maturity, says Unit 42

Microsoft 365 mailbox rules abused for exfiltration, persistence

Actor tied to Raccoon targets ‘several dozen’ companies by exploiting BPOs and helpdesks

BSides SF: SaaS, cloud assets vulnerable to identity-based ransomware attacks

Exposed: Bank Leak, Copilot Zero-Click, AI Agent Hijacks, Stryker Wipe & Josh Marpet – SWN #563

Salesforce confirms ShinyHunters exploited Experience Cloud sites

Google disrupts decade-long China-linked UNC2814 espionage campaign

Fast Five

Selected by the SC Media Editorial team every Tuesday.

Cloud Security Events

Cloud Security: The AI Effect and How to Proceed